On Thu, 6 Oct 2011, Steve Rikli wrote:
> In article alpine.LRH.2.00.1110060937180.9689@pfcpm187.yrrqf.np.hx, John Hodrien centos@centos.org wrote:
>> On Wed, 5 Oct 2011, Steve Rikli wrote:
>>> ... I'll also readily agree I wouldn't want NIS on internet-facing systems, but for things like automount maps on the internal corporate LAN, is it really a catastrophic problem?
>> The problem you get is when you compare it with LDAP.
> Compare in what way? What characteristics are you contrasting? I'm genuinely trying to understand the problem you're talking about for the case I've presented, and pro-con from someone who has done both would be appreciated.
I'm not saying NIS is catastrophically bad for an internal system that you consider to be 'safe', it just comes from a time when security wasn't high up the list of worries. Other than it being easy as cake to set up in the first place, I think it's hard to list *any* honest advantages over LDAP. Sorry, I don't consider performance to be a credible advantage, especially after nscd/sssd have had their way with caching results.
A good LDAP setup with nested groups, and GSSAPI just beats NIS over the head with a stick in terms of security, and once you've got a good LDAP infrastructure you start to discover just how many tools offer some form of LDAP integration. Extending the schema to suit internal uses is also easy, and querying it from within your own apps/scripts is far from difficult.
jh